<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第128期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第128期）</strong></h5>
<blockquote> 2016/08/08-2016/08/14</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>又一起以政府为目标的重大网络威胁——ProjectSauron<br><a target="_blank" href="http://www.mottoin.com/86962.html">http://www.mottoin.com/86962.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Dota2论坛遭黑客入侵 泄露近200W用户数据<br><a target="_blank" href="http://www.mottoin.com/86847.html">http://www.mottoin.com/86847.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>微软再曝安全漏洞：允许黑客绕过Windows安全启动<br><a target="_blank" href="http://www.mottoin.com/87089.html">http://www.mottoin.com/87089.html</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>阿里云安全算法挑战赛 钓鱼网站检测&amp;WebShell通信检测<br><a target="_blank" href="https://tianchi.shuju.aliyun.com/competition/information.htm?raceId=231585">https://tianchi.shuju.aliyun.com/competition/information.htm?raceId=231585</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Palantir：神秘的独角兽公司，做产品还是做服务<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzA4NzM3MTI1MQ==&amp;mid=2247486010&amp;idx=2&amp;sn=7c8009fd5f6e56ed3f167b7053a72440">http://mp.weixin.qq.com/s?__biz=MzA4NzM3MTI1MQ==&amp;mid=2247486010&amp;idx=2&amp;sn=7c8009fd5f6e56ed3f167b7053a72440</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>互联网上的污染<br><a target="_blank" href="http://www.solidot.org/story?sid=49244">http://www.solidot.org/story?sid=49244</a></div><div class="single"><span id="tags">[事件]&nbsp;&nbsp;</span>新三板最大并购案：南洋股份57亿人民币收购天融信切入信息安全行业 <br><a target="_blank" href="http://www.valleytalk.org/2016/08/05/%e6%96%b0%e4%b8%89%e6%9d%bf%e6%9c%80%e5%a4%a7%e5%b9%b6%e8%b4%ad%e6%a1%88%ef%bc%9a%e5%8d%97%e6%b4%8b%e8%82%a1%e4%bb%bd57%e4%ba%bf%e4%ba%ba%e6%b0%91%e5%b8%81%e6%94%b6%e8%b4%ad%e5%a4%a9%e8%9e%8d%e4%bf%a1/">http://www.valleytalk.org/2016/08/05/%e6%96%b0%e4%b8%89%e6%9d%bf%e6%9c%80%e5%a4%a7%e5%b9%b6%e8%b4%ad%e6%a1%88%ef%bc%9a%e5%8d%97%e6%b4%8b%e8%82%a1%e4%bb%bd57%e4%ba%bf%e4%ba%ba%e6%b0%91%e5%b8%81%e6%94%b6%e8%b4%ad%e5%a4%a9%e8%9e%8d%e4%bf%a1/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>The DAO Hacker is Getting Away<br><a target="_blank" href="http://www.coindesk.com/ethereum-dao-hacker-getting-away-classic/?utm_content=buffer94ccc&amp;utm_medium=social&amp;utm_source=twitter.com&amp;utm_campaign=buffer">http://www.coindesk.com/ethereum-dao-hacker-getting-away-classic/?utm_content=buffer94ccc&amp;utm_medium=social&amp;utm_source=twitter.com&amp;utm_campaign=buffer</a></div><div class="single"><span id="tags">[事件]&nbsp;&nbsp;</span>Data Breach At Oracle’s MICROS Point-of-Sale Division<br><a target="_blank" href="http://krebsonsecurity.com/2016/08/data-breach-at-oracles-micros-point-of-sale-division/">http://krebsonsecurity.com/2016/08/data-breach-at-oracles-micros-point-of-sale-division/</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>A New Wireless Hack Can Unlock 100 Million Volkswagens <br><a target="_blank" href="https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/">https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/</a></div><div class="single"><span id="tags">[事件]&nbsp;&nbsp;</span>Dota 2 forum breach leaks 2 million user accounts <br><a target="_blank" href="http://www.zdnet.com/article/dota-2-players-targeted-by-forum-hackers-in-new-breach/?utm_source=dlvr.it&amp;utm_medium=twitter#ftag=RSSbaffb68">http://www.zdnet.com/article/dota-2-players-targeted-by-forum-hackers-in-new-breach/?utm_source=dlvr.it&amp;utm_medium=twitter#ftag=RSSbaffb68</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[论文]&nbsp;&nbsp;</span>USENIX Security &#039;16 : 安全顶会议题及论文<br><a target="_blank" href="https://www.usenix.org/conference/usenixsecurity16/technical-sessions">https://www.usenix.org/conference/usenixsecurity16/technical-sessions</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>初探Windows Fuzzing神器----Winafl<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI4MzI4MDg1NA==&amp;mid=2247483695&amp;idx=1&amp;sn=1de5db39d6986560d80ab604aae88467&amp;scene=1&amp;srcid=0809LR0yEgkq6U2DLBdpRKAT">https://mp.weixin.qq.com/s?__biz=MzI4MzI4MDg1NA==&amp;mid=2247483695&amp;idx=1&amp;sn=1de5db39d6986560d80ab604aae88467&amp;scene=1&amp;srcid=0809LR0yEgkq6U2DLBdpRKAT</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>https://github.com/ufrisk/pcileech<br><a target="_blank" href="https://github.com/ufrisk/pcileech">https://github.com/ufrisk/pcileech</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>东巽科技2046Lab团队APT报告：“丰收行动”<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzA5Njk2MjQwNQ==&amp;mid=2662971031&amp;idx=1&amp;sn=5e3ec5f92353d65758fc9e5dacd511f5&amp;scene=1&amp;srcid=0808xHpyGeoLW6D85Jqyjezg">https://mp.weixin.qq.com/s?__biz=MzA5Njk2MjQwNQ==&amp;mid=2662971031&amp;idx=1&amp;sn=5e3ec5f92353d65758fc9e5dacd511f5&amp;scene=1&amp;srcid=0808xHpyGeoLW6D85Jqyjezg</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Pure Off-path TCP attack demo by using a side channel in Recent Linux Kernel<br><a target="_blank" href="https://www.youtube.com/watch?v=5h4rhAAFXFk">https://www.youtube.com/watch?v=5h4rhAAFXFk</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>WAF攻防研究之四个层次Bypass WAF<br><a target="_blank" href="http://www.mottoin.com/86886.html">http://www.mottoin.com/86886.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>开源威胁情报工具和技术-MottoIN<br><a target="_blank" href="http://www.mottoin.com/86742.html">http://www.mottoin.com/86742.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>乌云 Drops 文章在线浏览<br><a target="_blank" href="https://jiji262.github.io/wooyun_articles/">https://jiji262.github.io/wooyun_articles/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Web_Dionaea: 基于Docker的蜜罐系统-MottoIN<br><a target="_blank" href="http://www.mottoin.com/86937.html">http://www.mottoin.com/86937.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Earthworm：便携式网络穿透工具<br><a target="_blank" href="http://www.mottoin.com/87056.html">http://www.mottoin.com/87056.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>2016年中回顾：网络安全威胁TOP6分析报告<br><a target="_blank" href="http://www.freebuf.com/articles/database/111351.html">http://www.freebuf.com/articles/database/111351.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>浅谈安卓开发代码混淆技术<br><a target="_blank" href="http://blog.yaq.qq.com/detail/7">http://blog.yaq.qq.com/detail/7</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>如何挖掘Uber网站的XXE注入漏洞<br><a target="_blank" href="http://www.mottoin.com/86853.html">http://www.mottoin.com/86853.html</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>使用SDR扫描嗅探GSM网络<br><a target="_blank" href="http://www.freebuf.com/articles/wireless/110773.html">http://www.freebuf.com/articles/wireless/110773.html</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>DEF CON® 24 Hacking Conference Torrent<br><a target="_blank" href="https://www.defcon.org/html/defcon-24/dc-24-news.html#dc24cdtorrents">https://www.defcon.org/html/defcon-24/dc-24-news.html#dc24cdtorrents</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>bypasswaf:  Burp extension to bypass some WAF products<br><a target="_blank" href="https://github.com/codewatchorg/bypasswaf">https://github.com/codewatchorg/bypasswaf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>从栈溢出到简单的shellcode开发<br><a target="_blank" href="http://www.mottoin.com/86821.html">http://www.mottoin.com/86821.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Cracking Orcus RAT<br><a target="_blank" href="http://blog.deniable.org/blog/2016/08/09/cracking-orcus-rat/">http://blog.deniable.org/blog/2016/08/09/cracking-orcus-rat/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>BitBlaze: Binary Analysis for Computer Security<br><a target="_blank" href="http://bitblaze.cs.berkeley.edu/">http://bitblaze.cs.berkeley.edu/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>web 可用性监控工具 Urlooker<br><a target="_blank" href="https://github.com/710leo/urlooker">https://github.com/710leo/urlooker</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Cracking HawkEye Keylogger Reborn<br><a target="_blank" href="http://blog.deniable.org/blog/2016/08/04/cracking-hawkeye-keylogger-reborn/">http://blog.deniable.org/blog/2016/08/04/cracking-hawkeye-keylogger-reborn/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>A Black Path Toward The Sun － HTTP Tunnel 工具简介<br><a target="_blank" href="http://www.mottoin.com/86956.html">http://www.mottoin.com/86956.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>追踪溯源:希拉里邮箱泄露事件<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/21950527">https://zhuanlan.zhihu.com/p/21950527</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android安全开发之WebView中的地雷<br><a target="_blank" href="http://blog.yaq.qq.com/detail/10">http://blog.yaq.qq.com/detail/10</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>无回显命令执行PoC编写方法(Apache Shiro Java反序列化)<br><a target="_blank" href="http://www.mottoin.com/87095.html">http://www.mottoin.com/87095.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>PHP安全编码规范之安全配置篇 <br><a target="_blank" href="http://blog.topsec.com.cn/ad_lab/audit-defanse/">http://blog.topsec.com.cn/ad_lab/audit-defanse/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>The ITRC 2016 Data Breach Report<br><a target="_blank" href="http://www.idtheftcenter.org/images/breach/ITRCBreachReport2016.pdf">http://www.idtheftcenter.org/images/breach/ITRCBreachReport2016.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>创建一个基于powershell的蠕虫（附POC）<br><a target="_blank" href="http://www.mottoin.com/87060.html">http://www.mottoin.com/87060.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>The DEFCON CTF VM<br><a target="_blank" href="http://fuzyll.com/2016/the-defcon-ctf-vm/">http://fuzyll.com/2016/the-defcon-ctf-vm/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>也说DNS反弹Shell <br><a target="_blank" href="http://phantom0301.github.io/2016/08/11/DNSshell/">http://phantom0301.github.io/2016/08/11/DNSshell/</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Binmap: a system scanner<br><a target="_blank" href="http://blog.quarkslab.com/binmap-a-system-scanner.html">http://blog.quarkslab.com/binmap-a-system-scanner.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>btlike BT搜索引擎<br><a target="_blank" href="http://btlike.com/">http://btlike.com/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>hacking-resources（典型漏洞的实际例子列表，国外）<br><a target="_blank" href="https://www.torontowebsitedeveloper.com/hacking-resources">https://www.torontowebsitedeveloper.com/hacking-resources</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Reversing a Finite Field Multiplication Optimization<br><a target="_blank" href="http://blog.quarkslab.com/reversing-a-finite-field-multiplication-optimization.html">http://blog.quarkslab.com/reversing-a-finite-field-multiplication-optimization.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Return Oriented Exploitation (ROP)<br><a target="_blank" href="https://www.youtube.com/watch?v=5FJxC59hMRY#t=12.068027">https://www.youtube.com/watch?v=5FJxC59hMRY#t=12.068027</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Playing Fasttracker 2 .XM files in Javascript – a1k0n.net<br><a target="_blank" href="https://www.a1k0n.net/2015/11/09/javascript-ft2-player.html">https://www.a1k0n.net/2015/11/09/javascript-ft2-player.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>OSTrICa - Open Source Threat Intelligence Collector<br><a target="_blank" href="https://github.com/Ptr32Void/OSTrICa">https://github.com/Ptr32Void/OSTrICa</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>How I Cracked a Keylogger and Ended Up in Someone&#039;s Inbox<br><a target="_blank" href="https://www.trustwave.com/Resources/SpiderLabs-Blog/How-I-Cracked-a-Keylogger-and-Ended-Up-in-Someone-s-Inbox/">https://www.trustwave.com/Resources/SpiderLabs-Blog/How-I-Cracked-a-Keylogger-and-Ended-Up-in-Someone-s-Inbox/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>[Defcon24] Introduction to the Witchcraft Compiler Collection<br><a target="_blank" href="http://www.slideshare.net/endrazine/introduction-to-the-witchcraft-compiler-collection">http://www.slideshare.net/endrazine/introduction-to-the-witchcraft-compiler-collection</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>怎样使用 Tripwire 来检测 Ubuntu VPS 服务器的入侵<br><a target="_blank" href="http://www.mottoin.com/86967.html">http://www.mottoin.com/86967.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Wordpress Joomla Drupal 最近十年漏洞类型分布<br><a target="_blank" href="https://samsclass.info/129S/proj/CMSvulns080916.htm">https://samsclass.info/129S/proj/CMSvulns080916.htm</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>datasploit: A tool to perform various OSINT techniques<br><a target="_blank" href="https://github.com/upgoingstar/datasploit">https://github.com/upgoingstar/datasploit</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Pcap-Analyzer: Python编写的简单的离线数据包分析器<br><a target="_blank" href="https://github.com/HatBoy/Pcap-Analyzer">https://github.com/HatBoy/Pcap-Analyzer</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>toxic proxies bypassing https and vpns to pwn online identity<br><a target="_blank" href="https://speakerdeck.com/noxrnet/toxic-proxies-bypassing-https-and-vpns-to-pwn-your-online-identity">https://speakerdeck.com/noxrnet/toxic-proxies-bypassing-https-and-vpns-to-pwn-your-online-identity</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>binary.ninja : a reverse engineering platform<br><a target="_blank" href="https://binary.ninja/">https://binary.ninja/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>DECAF - Dynamic Executable Code Analysis Framework<br><a target="_blank" href="https://github.com/sycurelab/DECAF">https://github.com/sycurelab/DECAF</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>浅谈工控安全|附送工控系统仿真程序和相关技术文档<br><a target="_blank" href="http://www.sec-un.org/discussion-on-industrial-safety.html">http://www.sec-un.org/discussion-on-industrial-safety.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>ProjectSauron APT On Par With Equation, Flame, Duqu <br><a target="_blank" href="https://threatpost.com/projectsauron-apt-on-par-with-equation-flame-duqu/119725/">https://threatpost.com/projectsauron-apt-on-par-with-equation-flame-duqu/119725/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>企业信息安全之社工学审计<br><a target="_blank" href="http://www.mottoin.com/86806.html">http://www.mottoin.com/86806.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Implementing a Custom Directive Handler in Clang<br><a target="_blank" href="http://blog.quarkslab.com/implementing-a-custom-directive-handler-in-clang.html">http://blog.quarkslab.com/implementing-a-custom-directive-handler-in-clang.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>David Brumley&#039;s Research<br><a target="_blank" href="https://users.ece.cmu.edu/~dbrumley/">https://users.ece.cmu.edu/~dbrumley/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>一次针对存储型XSS的fuzzing<br><a target="_blank" href="http://ecma.io/?p=448">http://ecma.io/?p=448</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>BCBP登机牌安全研究一<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIzMzE2OTQyNA==&amp;mid=2648946119&amp;idx=1&amp;sn=178c7e89166a0dabaadc4d4684e69745&amp;scene=1&amp;srcid=0811jWGTyLMAcBOQtVcG0yVp">https://mp.weixin.qq.com/s?__biz=MzIzMzE2OTQyNA==&amp;mid=2648946119&amp;idx=1&amp;sn=178c7e89166a0dabaadc4d4684e69745&amp;scene=1&amp;srcid=0811jWGTyLMAcBOQtVcG0yVp</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>BadTunnel利用之远程劫持任意内网主机流量<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzA4MDMwMjQ3Mg==&amp;mid=2651864934&amp;idx=1&amp;sn=47fabdf7384a29fc6fcaca48bacbe68b&amp;scene=1">http://mp.weixin.qq.com/s?__biz=MzA4MDMwMjQ3Mg==&amp;mid=2651864934&amp;idx=1&amp;sn=47fabdf7384a29fc6fcaca48bacbe68b&amp;scene=1</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>DEF CON 24 Hacking Conference all Slides<br><a target="_blank" href="https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/">https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>A brief survey of Fully Homomorphic Encryption, computing on encrypted data<br><a target="_blank" href="http://blog.quarkslab.com/a-brief-survey-of-fully-homomorphic-encryption-computing-on-encrypted-data.html">http://blog.quarkslab.com/a-brief-survey-of-fully-homomorphic-encryption-computing-on-encrypted-data.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Triton under the hood<br><a target="_blank" href="http://blog.quarkslab.com/triton-under-the-hood.html">http://blog.quarkslab.com/triton-under-the-hood.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>ics-default-passwords:List of default passwords for Industrial Control Systems<br><a target="_blank" href="https://github.com/arnaudsoullie/ics-default-passwords">https://github.com/arnaudsoullie/ics-default-passwords</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>httphijack: 使用Javascript实现前端防御http劫持及防御XSS攻击<br><a target="_blank" href="https://github.com/chokcoco/httphijack">https://github.com/chokcoco/httphijack</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>symantec - Security Response Custom Report<br><a target="_blank" href="http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Symantec_Remsec_IOCs.pdf">http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Symantec_Remsec_IOCs.pdf</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>SCAF -  source-code-analysis-framework <br><a target="_blank" href="http://blog.quarkslab.com/scaf-source-code-analysis-framework-based-on-clang-pre-alpha-preview.html">http://blog.quarkslab.com/scaf-source-code-analysis-framework-based-on-clang-pre-alpha-preview.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Keyringer: encrypted and distributed secret sharing software<br><a target="_blank" href="https://keyringer.pw/">https://keyringer.pw/</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>机器的黎明 -- 第24届DEF CON CTF总决赛亚军队员访谈<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/22005633">https://zhuanlan.zhihu.com/p/22005633</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span> WASE - The Web Audit Search Engine <br><a target="_blank" href="https://github.com/thomaspatzke/WASE">https://github.com/thomaspatzke/WASE</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>使用HTTP头去绕过WAF<br><a target="_blank" href="http://weibo.com/p/230418d7058b150102wm3e">http://weibo.com/p/230418d7058b150102wm3e</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Identifying Scam Infrastructure<br><a target="_blank" href="https://blog.opendns.com/2016/08/05/identifying-scam-infrastructure/">https://blog.opendns.com/2016/08/05/identifying-scam-infrastructure/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Xen exploitation part 3: XSA-182, Qubes escape<br><a target="_blank" href="http://blog.quarkslab.com/xen-exploitation-part-3-xsa-182-qubes-escape.html">http://blog.quarkslab.com/xen-exploitation-part-3-xsa-182-qubes-escape.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>IRMA v1.3.0 released<br><a target="_blank" href="http://blog.quarkslab.com/irma-v130.html">http://blog.quarkslab.com/irma-v130.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>coala: Language Independent Code Analysis<br><a target="_blank" href="https://github.com/coala-analyzer/coala">https://github.com/coala-analyzer/coala</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Best DEF CON 24 Hacking Conference slides<br><a target="_blank" href="https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Lucas-Lundgren-Light-Weight%20Protocol-Critical-Implications.pdf">https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Lucas-Lundgren-Light-Weight%20Protocol-Critical-Implications.pdf</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Xen exploitation part 1: XSA-105, from nobody to root<br><a target="_blank" href="http://blog.quarkslab.com/xen-exploitation-part-1-xsa-105-from-nobody-to-root.html">http://blog.quarkslab.com/xen-exploitation-part-1-xsa-105-from-nobody-to-root.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Xen exploitation part 2: XSA-148, from guest to host<br><a target="_blank" href="http://blog.quarkslab.com/xen-exploitation-part-2-xsa-148-from-guest-to-host.html">http://blog.quarkslab.com/xen-exploitation-part-2-xsa-148-from-guest-to-host.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>BCBP登机牌安全研究の第二弹<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIzMzE2OTQyNA==&amp;mid=2648946153&amp;idx=1&amp;sn=ca04d0fe7ed23be27ff33cf4529e4bfc&amp;scene=1&amp;srcid=08114LEr3mNsym96tmRMyIUm">https://mp.weixin.qq.com/s?__biz=MzIzMzE2OTQyNA==&amp;mid=2648946153&amp;idx=1&amp;sn=ca04d0fe7ed23be27ff33cf4529e4bfc&amp;scene=1&amp;srcid=08114LEr3mNsym96tmRMyIUm</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/128">SecWiki周刊(第128期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
